Security & Ethics Flashcards
Hacking
Illegally gaining access to a computer system
Cracking
Illegally changing source code of a program so that it can be exploited for another use
Spyware
User clicks on a link from an email or website
When clicked spyware is downloaded
Monitors user's activity and relays it back to author
Keypresses can be analysed to find passwords
Common key logs allow password to be found
Viruses
Program that replicates itself
Deletes or corrupts files
Ransomware a new form of virus
Phishing
Fake email sent that looks legitimate
User clicks on link in the email
User redirected to fake website
Often used to try and steal financial details
How to avoid – Don’t click on links from unknown emails
Pharming
Malicious code stored on a computer
Redirects user to fake website to steal user's data
How to avoid – check the URL is as expected
Cookies
Message given to browser by webserver
Stored in a text file
Stores details about user's preferences on a website
Message sent back to server each time that page is requested
Uses of Cookies
Enable logon information to be kept
Provide customized pages for the user
Enable targeted adverts
Enable one-click purchasing with shopping carts
Be able to distinguish between new and repeat visitors
Cause of Data Loss
Accidental deletion
Malicious – virus
Hardware failure
Software failure
Natural disaster
Prevention of Data loss
Set data to read only
Use correct shut down procedures
Use correct procedures when removing portable storage devices
Firewalls
Prevents unauthorized access
Acts as a filter for incoming/outgoing data
Checks data meets criteria
Logs incoming and outgoing traffic
Blocks access to specified IP addresses
Antivirus
Compares virus signature against a database of known virus signatures
Proxy Server
Keeps user IP address secret
Prevents direct access to a webserver
Filters traffic
Speeds up traffic using cache
Blocks selected IP addresses
Helps prevent hacking of a webserver
Keeping Data Safe
Encrypt the data
Password protection
Virus checking software
Physical methods
Access rights
On Screen Security Methods
On screen keypad
Uses on-screen keypad
No keypresses so keylogging software won’t work
Numbers on key pad can be made random
Drop down boxes
Protects against key logging software
Stops key presses being recorded and relayed
Boxes can be placed in different locations each time to prevent screen capture
Password Text
Characters typed at a keyboard and can be changed by the user
Biometric
Scanned physical measurement that is compared to a stored, previously scanned measurement:
Fingerprint
Retina scan
Voice recognition
Face recognition
Security Protocols
Uses encryption
Uses SSL
Uses digital certificates – contains public key
Makes use of public and private keys
Data is meaningless without the key
How can we tell a website is using SSL
Protocol ends in s, e.g. https
Padlock on some browsers
Colour of address bar changes
SSL Process
Uses digital certificates
The browser asks the web server to identify itself
Server sends SSL
Client and server agree on an encryption method to use that contains the server’s public key
Browser checks authenticity of the certificate
A session key is generated
Sends signal to begin transmission
TLS
Record layer
Contains the data being transferred
Can be used with or without encryption
Handshake layer
Website and client authenticate each other
Encryption algorithms used to establish secure session
Differences between TLS and SSL
Possible to extend TLS using new authentication methods
TLS can make use of session caching
TLS separates handshake and record protocol
Encryption
Before encryption it is plain text
Text encrypted using an algorithm
Text encrypted using a key
Encrypted text called cypher text
Key transmitted separately from text
Key used to decrypt the cypher text
Asymmetric Encryption
Private key and Public key needed
Public key given to everyone
Private key only known by the computer user
Encryption keys generated using a hashing algorithm
Authentication
Used to verify that data comes from trusted source
Symmetric Encryption
Uses the same key to encrypt and decrypt data
1 key needed to encrypt and another to decrypt
Hashing algorithm
Takes message or key and translates it into string of characters
Usually shown in hex notation
Length depends on algorithm used
Same hashing algorithm needed to decrypt
DoS Attacks
Large number of requests sent to server at once
Designed to flood a server with useless traffic
Server will come to a stop trying to deal with the traffic
Prevents users gaining access to the web server
Misuses
Hacking
Malware
Intellectual Property Rights
Copyright laws
Privacy and Anonymity Issues
Social media
Effects of Computers on Society
Loss of jobs
Addiction and health problems
Laws
Data protection act
Computer misuse act
Environmental impacts
E-waste
Free Software
Can use for any legal purpose you wish
Can study and change the source code
Can pass on to other people
Must not be used to infringe copyright laws by copying existing software
Freeware
Can download and use free of charge
Cannot view or modify the source code e.g. Skype
Shareware
Can use for a trial free of charge
Need to pay once the trial is over
Often trial version missing key features
Protected fully by copyright laws
Cannot modify code or distribute the software
How cookies work
Cookie file is stored by browser on user’s SSD/HDD
User’s details are stored in encrypted text file
Webserver requests cookie file
Browser sends cookie file to webserver
Dangers of cookies
User does not see what information is stored
Users feel their privacy is affected
Sensitive information on cookies could be intercepted in transmission
Other websites could gain access to the cookies
Computer can be hacked and cookie may be obtained.